---
+* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
+ - fixed stack buffer overflow in the openhost() command-line call
+ of NTPQ/NTPDC <perlinger@ntp.org>
* [Sec 3012] noepeer tweaks. <stenn@ntp.org>
+ * [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
+* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
+ other TrustedBSD platforms
+ - applied patch by Ian Lepore <perlinger@ntp.org>
* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
- changed interaction with SCM to signal pending startup
* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
ntpq and ntpdc. It also provides 26 other bugfixes, and 4 other improvements:
-* [Sec 3505]
+* [Sec 3505] Buffer overflow in the openhost() call of ntpq and ntpdc.
-* [Sec 3012]
+* [Sec 3012] Fix a hole in the new "noepeer" processing.
* Bug Fixes:
+ [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
+ [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
+ other TrustedBSD platforms
+ - applied patch by Ian Lepore <perlinger@ntp.org>
+ [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
+ - changed interaction with SCM to signal pending startup
[Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
- applied patch by Gerry Garvey
[Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
projects / thirdparty / ntp.git / commitdiff
